| .. |
|
sysmon_certutil_decode.yml
|
Rule: Certutil Decode in AppData
|
2017-03-02 11:28:34 +01:00 |
|
sysmon_malware_verclsid_shellcode.yml
|
Rule: Sysmon Malware Shellcode in Verclsid Process
|
2017-03-04 10:38:23 +01:00 |
|
sysmon_mimikatz_detection_lsass.yml
|
Removed Sysmon EventLog from selection > via 'logsource'
|
2017-03-02 11:06:20 +01:00 |
|
sysmon_mimikatz_inmemory_detection.yml
|
Removed Sysmon EventLog from selection > via 'logsource'
|
2017-03-02 11:06:20 +01:00 |
|
sysmon_mshta_spawn_shell.yml
|
Typo
|
2017-03-05 01:47:37 +01:00 |
|
sysmon_office_macro_cmd.yml
|
Two new Sysmon rules for Office Macro/PS detection
|
2017-03-02 11:06:53 +01:00 |
|
sysmon_office_shell.yml
|
Modifications
|
2017-03-04 14:22:44 -08:00 |
|
sysmon_password_dumper_lsass.yml
|
Removed Sysmon EventLog from selection > via 'logsource'
|
2017-03-02 11:06:20 +01:00 |
|
sysmon_powershell_download.yml
|
Two new Sysmon rules for Office Macro/PS detection
|
2017-03-02 11:06:53 +01:00 |
|
sysmon_powershell_suspicious_parameter_combo.yml
|
Sysmon PowerShell - Suspicious Param Combination
|
2017-03-05 23:51:39 +01:00 |
|
sysmon_susp_driver_load.yml
|
Removed Sysmon EventLog from selection > via 'logsource'
|
2017-03-02 11:06:20 +01:00 |
|
sysmon_susp_file_execution.yml
|
wscript/cscript
|
2017-03-04 14:40:34 -08:00 |
|
sysmon_susp_mmc_source.yml
|
Removed Sysmon EventLog from selection > via 'logsource'
|
2017-03-02 11:06:20 +01:00 |
|
sysmon_vul_java_remote_debugging.yml
|
Removed Sysmon EventLog from selection > via 'logsource'
|
2017-03-02 11:06:20 +01:00 |
|
sysmon_webshell_detection.yml
|
Modifications
|
2017-03-04 14:22:44 -08:00 |
|
sysmon_webshell_spawn.yml
|
Modifications
|
2017-03-04 14:22:44 -08:00 |
